In addition to adding a definition for the latest "MAC Defender" trojan horse to warn users that the download should be deleted, the new security update adds a daily malware definitions check that makes it even easier for Apple to protect its users from subsequent malware attempts.

Users can opt out of the daily malware definitions update check by unchecking the new "Automatically update safe downloads list" checkbox in Security Preferences.

Just like Windows.... Oh, wait, I mean, just like Windows could have done and should have done years ago.

FTR, why don't Google, Bing and other search sites quarantine sites which enable malware like this? Particularly when the sites allow themselves to be a regular transport mechanism for malware. As long as search sites like Google, Bing and others don't help to stop it, more people will continue to visit these same sites over and over and over again. By helping to stop it, instead of making it easier, search sites can make distribution of malware more difficult.

It won't solve the problem, but anything that makes it more difficult for malware or educates users to be more careful makes it better for the rest of us.

Hooray! Although I've already turned off the "automatically open safe file types" option in Safari. Google should be ashamed of itself for allowing SEO poisoning, BTW. As far as I'm concerned, Google Image Search is more or less overrun by content farms and phishing servers.

Hooray! Although I've already turned off the "automatically open safe file types" option in Safari. Google should be ashamed of itself for allowing SEO poisoning, BTW. As far as I'm concerned, Google Image Search is more or less overrun by content farms and phishing servers.

It's not a problem specific to Google. Any search engine can deliver "poisoned" results.

It's nice that Apple has finally gotten proactive. Even though we only seem to get less than one piece of malware a year, Apple should be dealing with it in a rapid way. Hopefully this will be that way.

Since it's not viruses that Mac gets but just trojans installed by the unwary, this File Quarantine is perfect.

Instead of a full-on performance draining virus checker running 24/7, it now simply has a file-download blacklist that Safari, Mail and iChat reference.

It has already had this for some time, the difference now is it checks in with Apple daily for updates to the blacklist.
"About file quarantine in Mac OS X v10.5 and v10.6" http://support.apple.com/kb/HT3662

Edit: Cool. It not only checks when you download files but when you open them too, so people using Firefox should be covered. But Safari users will catch it sooner.

Since it's not viruses that Mac gets but just trojans installed by the unwary, this File Quarantine is perfect.

Instead of a full-on performance draining virus checker running 24/7, it now simply has a file-download blacklist that Safari, Mail and iChat reference.

It has already had this for some time, the difference now is it checks in with Apple daily for updates to the blacklist.
"About file quarantine in Mac OS X v10.5 and v10.6" http://support.apple.com/kb/HT3662

I have to admit that I use the Symantec suite for Mac, and I've been using their predecessors for quite some time, since System 8. While with System 7, 8, and 9, we did get a few virii a year, and some few pieces of malware, we haven't had any actual problems with OS X. But, I do get Windows junk. Since I don't want to pass that on to my Windows-using friends (yes, I do have some), I use this to mainly eradicate those. But better safe than sorry. The way I have it set, it doesn't slow the machine down.

I have to admit that I use the Symantec suite for Mac, and I've been using their predecessors for quite some time, since System 8. While with System 7, 8, and 9, we did get a few virii a year, and some few pieces of malware, we haven't had any actual problems with OS X. But, I do get Windows junk. Since I don't want to pass that on to my Windows-using friends (yes, I do have some), I use this to mainly eradicate those. But better safe than sorry. The way I have it set, it doesn't slow the machine down.

That's the only reason I can think of to install a virus checker - to protect Windows users. Especially after today. But virus checkers remain a big seller on the App Store so I guess a lot of people think like you, or they just assume you have to have one.

I have ClamX just for funsies, but have not updated that thing in months. Use it to check USB sticks that are given to me, mostly from Windows Users. I dunno, it sucks that someone released this in the wild, on the other hand it is so easy to neutralize it almost does not count.

I actually had a toothy grin on my face when I saw the "daily malware definitions check".

If it's kept squeaky clean and up to date with as many malware definitions as possible, then even the opening of safe files automatically from Safari will be of very little security risk. It'll just flag a warning and dump it to the trash. Although I think the dialogue box should've read "it will be moved to the trash", rather than asking for confirmation.

Security is one area that I hope Apple is on top of. The Mac community has had a pretty easy go thus far in the virus and malware department.

In twenty-one years the only issue that I recall having to deal with was the Auto-Start worm back in 1998. (if I recall correctly)

It actually wasn't a problem for me as I was running virus protection with up-to-date definitions. It saved my bacon when a client sent me files on a zip disk. It caught the virus and spit out the disk.

I was lucky because I had just installed virus protection software about a week earlier.

Edit: Cool. It not only checks when you download files but when you open them too, so people using Firefox should be covered. But Safari users will catch it sooner.

I think it's Apple's answer to Sophos' "On Access" scanning. The ONLY thing I hope Apple do differently to Sophos is have it not check already installed and previously used Applications. Sophos' On Access scanner caused large applications like Fireworks and Dreamweaver, Word, Eclipse (etc.) to take a fair few minutes to open, rather than thirty seconds. On a Notebook it was even worse because it hammered on the CPU and Hard Disk like no tomorrow, using more battery life than it really should.

When the latest 10.6.8 beta appeared with the MAC Defender check and removal I thought it odd this wasn't part of a Security Update. Are we to assume that those 10.6.8 developers were not aware of the impending Security Update or that 10.6.8 will just be a backup measure for those that oddly don't get the Security Update?

Yes, the word Google has replaced "search engine". I should have said "search engine". I just happen to use Google for everything, but I was lamenting that SEO poisoning is out of control. I won't image search on anything popular.

Just like Windows.... Oh, wait, I mean, just like Windows could have done and should have done years ago.

FTR, why don't Google, Bing and other search sites quarantine sites which enable malware like this? Particularly when the sites allow themselves to be a regular transport mechanism for malware. As long as search sites like Google, Bing and others don't help to stop it, more people will continue to visit these same sites over and over and over again. By helping to stop it, instead of making it easier, search sites can make distribution of malware more difficult.

It won't solve the problem, but anything that makes it more difficult for malware or educates users to be more careful makes it better for the rest of us.

There is a wonderful application called WOT (web of trust) that systematically flags websites with ratings based on embedded code. It allows you to preview sites without endangering your computer/mac.

I have ClamX just for funsies, but have not updated that thing in months. Use it to check USB sticks that are given to me, mostly from Windows Users. I dunno, it sucks that someone released this in the wild, on the other hand it is so easy to neutralize it almost does not count.

Running an out of date antivirus software will do more harm than good, in the fact that it may give one a false sense of security.

There is a wonderful application called WOT (web of trust) that systematically flags websites with ratings based on embedded code. It allows you to preview sites without endangering your computer/mac.

You should try it some time. /end sarcasm

The information is appreciated. However, your sarcasm was neither necessary nor appreciated. Instead, responses like yours tend to cut off discussion. And, FWIW, once WOT gets big enough, it will be perverted by dishonest and greedy people just like everything else on the web is once it attracts enough attention. The basic problem needs to be fixed and not just avoided by finding (for now) safe alternatives.

That said, your reply fails to address the larger issue of why search engines leave their users out in the cold by not helping to stop the crap. Makes one wonder if, perhaps, they don't derive some of their revenue from malware developers. Perhaps like those who suck off legitimate searches to get their bogus sites at the top of key word searches perhaps?

When the latest 10.6.8 beta appeared with the MAC Defender check and removal I thought it odd this wasn't part of a Security Update. Are we to assume that those 10.6.8 developers were not aware of the impending Security Update or that 10.6.8 will just be a backup measure for those that oddly don't get the Security Update?

Previous security updates are always included in major point releases.

I ran software update. Restarted my Mac as the installer states an admin has to log in to make the Security Update effective.

I launch avSetup.pkg which opens up to installer that says "Install Mac Guard Setup" at the top of the installer window but it isn't flagged by the OS.

It's an assumption but I thought this variant would be included in the definitions.

Any thoughts?

Did you move the file out of quarantine previously (i.e. did you dismiss the dialog warning you that the file is downloaded from the internet and to confirm if you want to run it?). If so you will not be asked again, you will have to reset the warnings.

Regardless... if Google starts quarantining malicious sites, they'll force other search engines to do the same or risk having Google become the Safe Search.

According to the Sophos link, legitimate web content is often compromised.

Quote: By hosting the SEO attack within a legitimate site, the attackers are able to piggyback on the reputation of that site, making it harder for the search engines to identify and remove the rogue links. Additionally, distributing attacks across multiple compromised host sites provides increased resilience against URL filtering and other defensive mechanisms.

Did you move the file out of quarantine previously (i.e. did you dismiss the dialog warning you that the file is downloaded from the internet and to confirm if you want to run it?). If so you will not be asked again, you will have to reset the warnings.

Thanks, Mario.

I believe I dismissed the dialog box when I downloaded it several days ago. I don't know how to reset the warnings. If you would be so kind to educate me.

I did take the file, put it on a keychain drive, dropped the avSetup.pkg file into the Download folder on a different Mac that I had just updated and restarted. I then launched avSetup.pkg and there was no warning.

I guess it actually has to download the file for the Security update to work?
Doesn't seem that effective to me if that's a requirement. Or do you think the OS modifies the installer somehow?